<?
/*
Bitsand - a web-based booking system for LRP events
Copyright (C) 2006, 2007 Russell Peter Phillips

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

//Do not check that user is logged in
$bLoginCheck = False;

include ('inc_head_db.php');
?>
<?
if ($_POST ['btnSubmit'] != '') {
	$sProblem = '';
	$sEmail = SafeEmail ($_POST ['txtEmail1']);
	//Check e-mail address is reasonable
	if (!eregi ("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $sEmail))
		$sProblem .= htmlentities ($sEmail) . " is not a valid e-mail address<br>\n";
	//Check e-mails are the same
	if ($_POST ['txtEmail1'] != $_POST ['txtEmail2'])
		$sProblem .= "The e-mails do not match<br>\n";
	//Check passwords are the same
	if ($_POST ['txtPass1'] != $_POST ['txtPass2'])
		$sProblem .= "The passwords do not match<br>\n";
	//Check password length
	if (strlen ($_POST ['txtPass1']) < 6)
		$sProblem .= "Password must be at least six characters<br>\n";
	//Check e-mail address is not already registered
	$sql = "SELECT plEmail FROM players WHERE plEmail = AES_ENCRYPT('$sEmail', '" . CRYPT_KEY . "')";
	$result = mysqli_query ($link, $sql);
	if (mysqli_num_rows ($result) > 0)
		$sProblem .= "The e-mail address " . htmlentities ($sEmail) . " is already registered<br>\n";
	//If there are no problems, register user
	if ($sProblem == '') {
		//Set up INSERT SQL query
		$sql = "INSERT INTO players (plEmail, plPassword) VALUES (AES_ENCRYPT('$sEmail', '" . CRYPT_KEY . "'), '";
		$sql .= sha1 ($_POST ['txtPass1'] . PW_SALT) . "')";
		//Run query
		mysqli_query ($link, $sql);
		//Make up URL & redirect to index.php with message
		$sHost = $_SERVER['HTTP_HOST'];
		$sURI = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
		$sFile = 'index.php' . '?green=' . urlencode ('Registration successful. You may now log in');
		header ("Location: http://$sHost$sURI/$sFile");
	}
}

include ('inc_head_html.php');
?>

<h1><?=TITLE?> - Register</h1>

<p>
To register, enter your e-mail address and a password below, then click <b>Register</b>. Each must be entered twice to guard against mistakes, and the password <b>must be at least six characters long</b>.
</p>

<?
//Report any problems
if ($sProblem != '')
	echo "<p class = 'warn'>$sProblem</p>\n";
?>

<form action = 'register.php' method = 'post' onsubmit = 'return fnCheck ()'>
<table class = 'blockmid'>
<tr>
<td>E-mail address:</td>
<td><input name = 'txtEmail1' class = 'text'></td>
</tr><tr>
<td>Confirm e-mail address:</td>
<td><input name = 'txtEmail2' class = 'text'></td>
</tr><tr>
<td colspan = '2'>&nbsp;</td>
</tr><tr>
<td>Password:</td>
<td><input name = 'txtPass1' type = 'password' class = 'text'></td>
</tr><tr>
<td>Confirm password:</td>
<td><input name = 'txtPass2' type = 'password' class = 'text'></td>
</tr><tr>
<td colspan = '2'>&nbsp;</td>
</tr><tr>
<td colspan = '2' class = 'mid'><input type = 'submit' name = 'btnSubmit' value = 'Register'>&nbsp;
<input type = 'reset'></td>
</tr>
</table>
</form>

<ul>
<li>Already registered? <a href = "index.php">Login</a></li>
<li>Forgot your password? <a href = "retrieve.php">Get a new password</a></li>
<li>Please ensure that you have read and understood the <a href = "terms.php">terms &amp; conditions</a></li>
</ul>

<?
include ('inc_foot.php');
?>
